Services.exe running at 100%


10 replies to this topic

#1 zeus_r6


Posted 27 July 2012 - 09:53 AM

The workstation in question here waits about 5 minutes then services.exe ramps up to 100%, basically crippling the system completely. Regular scans will not complete even after 18 hours as it slows everything down to a crawl. Redirects happen as well via the browser. Direction where to start on this machine would be greatly appreciated!



#2 narenxp


Posted 27 July 2012 - 09:54 AM

Download

TDSSkiller

Launch it. Click on change parameters - Select TDLFS file system

Click on "Scan". Please post the LOG report (log file should be in your C drive)

Do not change the default options on scan results

Download

aswMBR

Launch it, allow it to download latest Avast! virus definitions
Click the "Scan" button to start scan. After scan finishes, click on Save log

Post the log results here

Download

ESET online scanner

Install it

Click on START, it should download the virus definitions
When scan gets completed, click on LIST of found threats

Export the list to desktop, copy the contents of the text file in your reply

#3 zeus_r6


Posted 27 July 2012 - 05:27 PM

Log report from TDSSKiller


18:22:47.0491 2276 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
18:22:47.0834 2276 ============================================================
18:22:47.0834 2276 Current date / time: 2012/07/27 18:22:47.0834
18:22:47.0834 2276 SystemInfo:
18:22:47.0834 2276
18:22:47.0834 2276 OS Version: 6.1.7601 ServicePack: 1.0
18:22:47.0834 2276 Product type: Workstation
18:22:47.0834 2276 ComputerName: CELENA-PC
18:22:47.0835 2276 UserName: Celena
18:22:47.0835 2276 Windows directory: C:\Windows
18:22:47.0835 2276 System windows directory: C:\Windows
18:22:47.0835 2276 Running under WOW64
18:22:47.0835 2276 Processor architecture: Intel x64
18:22:47.0835 2276 Number of processors: 1
18:22:47.0835 2276 Page size: 0x1000
18:22:47.0835 2276 Boot type: Normal boot
18:22:47.0835 2276 ============================================================
18:22:48.0835 2276 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
18:22:48.0839 2276 ============================================================
18:22:48.0839 2276 \Device\Harddisk0\DR0:
18:22:48.0839 2276 MBR partitions:
18:22:48.0839 2276 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
18:22:48.0839 2276 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x1B54E800
18:22:48.0839 2276 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1B5B2800, BlocksNum 0x1BDF000
18:22:48.0839 2276 \Device\Harddisk0\DR0\Partition3: MBR, Type 0xC, StartLBA 0x1D191800, BlocksNum 0x33970
18:22:48.0839 2276 ============================================================
18:22:48.0865 2276 C: <-> \Device\Harddisk0\DR0\Partition1
18:22:48.0923 2276 D: <-> \Device\Harddisk0\DR0\Partition2
18:22:48.0938 2276 E: <-> \Device\Harddisk0\DR0\Partition3
18:22:48.0938 2276 ============================================================
18:22:48.0938 2276 Initialize success
18:22:48.0938 2276 ============================================================
18:23:21.0454 1460 ============================================================
18:23:21.0454 1460 Scan started
18:23:21.0454 1460 Mode: Manual; TDLFS;
18:23:21.0454 1460 ============================================================
18:23:38.0477 1460 pcw - ok
18:23:38.0544 1460 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
18:23:38.0555 1460 PEAUTH - ok
18:23:38.0669 1460 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
18:23:38.0673 1460 PerfHost - ok
18:23:38.0938 1460 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
18:23:38.0979 1460 pla - ok
18:23:39.0055 1460 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
18:23:39.0068 1460 PlugPlay - ok
18:23:39.0096 1460 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
18:23:39.0099 1460 PNRPAutoReg - ok
18:23:39.0147 1460 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
18:23:39.0151 1460 PNRPsvc - ok
18:23:39.0235 1460 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
18:23:39.0255 1460 PolicyAgent - ok
18:23:39.0325 1460 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
18:23:39.0328 1460 Power - ok
18:23:39.0433 1460 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
18:23:39.0435 1460 PptpMiniport - ok
18:23:39.0470 1460 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
18:23:39.0472 1460 Processor - ok
18:23:39.0524 1460 ProfSvc (5c78838b4d166d1a27db3a8a820c799a) C:\Windows\system32\profsvc.dll
18:23:39.0531 1460 ProfSvc - ok
18:23:39.0600 1460 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:23:39.0602 1460 ProtectedStorage - ok
18:23:39.0659 1460 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
18:23:39.0661 1460 Psched - ok
18:23:39.0762 1460 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
18:23:39.0795 1460 ql2300 - ok
18:23:39.0931 1460 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
18:23:39.0933 1460 ql40xx - ok
18:23:40.0017 1460 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
18:23:40.0025 1460 QWAVE - ok
18:23:40.0051 1460 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
18:23:40.0054 1460 QWAVEdrv - ok
18:23:40.0080 1460 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
18:23:40.0085 1460 RasAcd - ok
18:23:40.0128 1460 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
18:23:40.0129 1460 RasAgileVpn - ok
18:23:40.0177 1460 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
18:23:40.0180 1460 RasAuto - ok
18:23:40.0235 1460 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
18:23:40.0237 1460 Rasl2tp - ok
18:23:40.0301 1460 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
18:23:40.0316 1460 RasMan - ok
18:23:40.0368 1460 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
18:23:40.0369 1460 RasPppoe - ok
18:23:40.0401 1460 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
18:23:40.0402 1460 RasSstp - ok
18:23:40.0452 1460 rcmirror (96597c96d5acf4a3ef0b24d396853879) C:\Windows\system32\DRIVERS\rcmirror.sys
18:23:40.0453 1460 rcmirror - ok
18:23:40.0511 1460 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
18:23:40.0516 1460 rdbss - ok
18:23:40.0549 1460 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
18:23:40.0550 1460 rdpbus - ok
18:23:40.0576 1460 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
18:23:40.0577 1460 RDPCDD - ok
18:23:40.0616 1460 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
18:23:40.0617 1460 RDPENCDD - ok
18:23:40.0639 1460 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
18:23:40.0640 1460 RDPREFMP - ok
18:23:40.0703 1460 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
18:23:40.0711 1460 RDPWD - ok
18:23:40.0783 1460 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
18:23:40.0786 1460 rdyboost - ok
18:23:40.0828 1460 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
18:23:40.0830 1460 RemoteAccess - ok
18:23:40.0874 1460 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
18:23:40.0877 1460 RemoteRegistry - ok
18:23:41.0018 1460 RichVideo (498eb62a160674e793fa40fd65390625) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
18:23:41.0021 1460 RichVideo - ok
18:23:41.0092 1460 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
18:23:41.0095 1460 RpcEptMapper - ok
18:23:41.0126 1460 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
18:23:41.0128 1460 RpcLocator - ok
18:23:41.0214 1460 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
18:23:41.0218 1460 RpcSs - ok
18:23:41.0294 1460 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
18:23:41.0296 1460 rspndr - ok
18:23:41.0330 1460 RSUSBSTOR - ok
18:23:41.0399 1460 RTL8167 (777fc2c418465404e3d8a290dc247d24) C:\Windows\system32\DRIVERS\Rt64win7.sys
18:23:41.0404 1460 RTL8167 - ok
18:23:41.0523 1460 rtl8192se (03e0627c26943916a7276ac5306206c7) C:\Windows\system32\DRIVERS\rtl8192se.sys
18:23:41.0530 1460 rtl8192se - ok
18:23:41.0569 1460 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:23:41.0571 1460 SamSs - ok
18:23:41.0618 1460 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
18:23:41.0620 1460 sbp2port - ok
18:23:41.0670 1460 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
18:23:41.0674 1460 SCardSvr - ok
18:23:41.0723 1460 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
18:23:41.0724 1460 scfilter - ok
18:23:41.0990 1460 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
18:23:42.0024 1460 Schedule - ok
18:23:42.0078 1460 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
18:23:42.0079 1460 SCPolicySvc - ok
18:23:42.0139 1460 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\drivers\sdbus.sys
18:23:42.0142 1460 sdbus - ok
18:23:42.0190 1460 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
18:23:42.0193 1460 SDRSVC - ok
18:23:42.0245 1460 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
18:23:42.0246 1460 secdrv - ok
18:23:42.0291 1460 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
18:23:42.0293 1460 seclogon - ok
18:23:42.0342 1460 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
18:23:42.0344 1460 SENS - ok
18:23:42.0351 1460 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
18:23:42.0351 1460 SensrSvc - ok
18:23:42.0383 1460 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
18:23:42.0383 1460 Serenum - ok
18:23:42.0420 1460 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
18:23:42.0422 1460 Serial - ok
18:23:42.0468 1460 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
18:23:42.0470 1460 sermouse - ok
18:23:42.0534 1460 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
18:23:42.0537 1460 SessionEnv - ok
18:23:42.0698 1460 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
18:23:42.0705 1460 sffdisk - ok
18:23:42.0727 1460 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
18:23:42.0731 1460 sffp_mmc - ok
18:23:42.0759 1460 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
18:23:42.0760 1460 sffp_sd - ok
18:23:42.0790 1460 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
18:23:42.0791 1460 sfloppy - ok
18:23:42.0866 1460 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
18:23:42.0902 1460 ShellHWDetection - ok
18:23:42.0943 1460 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
18:23:42.0945 1460 SiSRaid2 - ok
18:23:42.0987 1460 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
18:23:42.0989 1460 SiSRaid4 - ok
18:23:43.0119 1460 SkypeUpdate (6128e98eaaed364ed1a32708d2fd22cb) C:\Program Files (x86)\Skype\Updater\Updater.exe
18:23:43.0122 1460 SkypeUpdate - ok
18:23:43.0179 1460 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
18:23:43.0181 1460 Smb - ok
18:23:43.0247 1460 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
18:23:43.0249 1460 SNMPTRAP - ok
18:23:44.0447 1460 SophosVirusRemovalTool (cbd35431f0ae0dd32ef9b613ba5b89f0) C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe
18:23:44.0946 1460 SophosVirusRemovalTool - ok
18:23:45.0078 1460 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
18:23:45.0078 1460 spldr - ok
18:23:45.0628 1460 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
18:23:45.0657 1460 Spooler - ok
18:23:46.0148 1460 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
18:23:46.0232 1460 sppsvc - ok
18:23:46.0833 1460 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
18:23:46.0849 1460 sppuinotify - ok
18:23:50.0823 1460 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
18:23:50.0924 1460 srv - ok
18:23:51.0030 1460 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
18:23:51.0061 1460 srv2 - ok
18:23:51.0136 1460 SrvHsfHDA (0c4540311e11664b245a263e1154cef8) C:\Windows\system32\DRIVERS\VSTAZL6.SYS
18:23:51.0142 1460 SrvHsfHDA - ok
18:23:51.0269 1460 SrvHsfV92 (02071d207a9858fbe3a48cbfd59c4a04) C:\Windows\system32\DRIVERS\VSTDPV6.SYS
18:23:51.0304 1460 SrvHsfV92 - ok
18:23:51.0493 1460 SrvHsfWinac (18e40c245dbfaf36fd0134a7ef2df396) C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
18:23:51.0513 1460 SrvHsfWinac - ok
18:23:51.0575 1460 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
18:23:51.0586 1460 srvnet - ok
18:23:51.0658 1460 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
18:23:51.0668 1460 SSDPSRV - ok
18:23:51.0693 1460 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
18:23:51.0695 1460 SstpSvc - ok
18:23:51.0743 1460 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
18:23:51.0744 1460 stexstor - ok
18:23:51.0835 1460 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
18:23:51.0869 1460 stisvc - ok
18:23:51.0921 1460 SWDUMon (04cf20310145dec63d5387beaff77d9a) C:\Windows\system32\DRIVERS\SWDUMon.sys
18:23:51.0921 1460 SWDUMon - ok
18:23:51.0963 1460 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
18:23:51.0963 1460 swenum - ok
18:23:52.0027 1460 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
18:23:52.0046 1460 swprv - ok
18:23:52.0123 1460 SynTP (91853f78b68f9f036670291f5edd4eae) C:\Windows\system32\DRIVERS\SynTP.sys
18:23:52.0126 1460 SynTP - ok
18:23:52.0324 1460 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
18:23:52.0361 1460 SysMain - ok
18:23:52.0519 1460 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
18:23:52.0522 1460 TabletInputService - ok
18:23:52.0580 1460 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
18:23:52.0596 1460 TapiSrv - ok
18:23:52.0660 1460 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
18:23:52.0662 1460 TBS - ok
18:23:52.0872 1460 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
18:23:52.0916 1460 Tcpip - ok
18:23:53.0202 1460 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
18:23:53.0215 1460 TCPIP6 - ok
18:23:53.0302 1460 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
18:23:53.0303 1460 tcpipreg - ok
18:23:53.0353 1460 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
18:23:53.0355 1460 TDPIPE - ok
18:23:53.0405 1460 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
18:23:53.0406 1460 TDTCP - ok
18:23:53.0467 1460 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
18:23:53.0477 1460 tdx - ok
18:23:53.0543 1460 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
18:23:53.0544 1460 TermDD - ok
18:23:53.0608 1460 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
18:23:53.0633 1460 TermService - ok
18:23:53.0676 1460 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
18:23:53.0679 1460 Themes - ok
18:23:53.0728 1460 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
18:23:53.0729 1460 THREADORDER - ok
18:23:53.0773 1460 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
18:23:53.0776 1460 TrkWks - ok
18:23:53.0880 1460 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
18:23:53.0882 1460 TrustedInstaller - ok
18:23:53.0956 1460 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
18:23:53.0958 1460 tssecsrv - ok
18:23:54.0012 1460 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
18:23:54.0013 1460 TsUsbFlt - ok
18:23:54.0079 1460 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
18:23:54.0080 1460 tunnel - ok
18:23:54.0142 1460 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
18:23:54.0144 1460 uagp35 - ok
18:23:54.0207 1460 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
18:23:54.0231 1460 udfs - ok
18:23:54.0326 1460 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
18:23:54.0329 1460 UI0Detect - ok
18:23:54.0387 1460 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
18:23:54.0388 1460 uliagpkx - ok
18:23:54.0445 1460 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
18:23:54.0446 1460 umbus - ok
18:23:54.0486 1460 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
18:23:54.0487 1460 UmPass - ok
18:23:54.0635 1460 Updater Service for StartNow Toolbar (70eb41a4417ba0aa36ae12bf2b4d98f6) C:\Program Files (x86)\StartNow Toolbar\ToolbarUpdaterService.exe
18:23:54.0644 1460 Updater Service for StartNow Toolbar - ok
18:23:54.0702 1460 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
18:23:54.0716 1460 upnphost - ok
18:23:54.0779 1460 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
18:23:54.0781 1460 usbaudio - ok
18:23:54.0819 1460 usbccgp (481dff26b4dca8f4cbac1f7dce1d6829) C:\Windows\system32\DRIVERS\usbccgp.sys
18:23:54.0820 1460 usbccgp - ok
18:23:54.0883 1460 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
18:23:54.0885 1460 usbcir - ok
18:23:54.0942 1460 usbehci (74ee782b1d9c241efe425565854c661c) C:\Windows\system32\drivers\usbehci.sys
18:23:54.0943 1460 usbehci - ok
18:23:54.0985 1460 usbhub (dc96bd9ccb8403251bcf25047573558e) C:\Windows\system32\drivers\usbhub.sys
18:23:55.0005 1460 usbhub - ok
18:23:55.0031 1460 usbohci (58e546bbaf87664fc57e0f6081e4f609) C:\Windows\system32\drivers\usbohci.sys
18:23:55.0035 1460 usbohci - ok
18:23:55.0091 1460 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
18:23:55.0092 1460 usbprint - ok
18:23:55.0127 1460 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
18:23:55.0128 1460 usbscan - ok
18:23:55.0158 1460 USBSTOR (d76510cfa0fc09023077f22c2f979d86) C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:23:55.0160 1460 USBSTOR - ok
18:23:55.0186 1460 usbuhci (81fb2216d3a60d1284455d511797db3d) C:\Windows\system32\drivers\usbuhci.sys
18:23:55.0187 1460 usbuhci - ok
18:23:55.0240 1460 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
18:23:55.0240 1460 usbvideo - ok
18:23:55.0290 1460 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
18:23:55.0294 1460 UxSms - ok
18:23:55.0333 1460 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
18:23:55.0334 1460 VaultSvc - ok
18:23:55.0368 1460 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
18:23:55.0369 1460 vdrvroot - ok
18:23:55.0439 1460 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
18:23:55.0469 1460 vds - ok
18:23:55.0505 1460 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
18:23:55.0510 1460 vga - ok
18:23:55.0537 1460 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
18:23:55.0538 1460 VgaSave - ok
18:23:55.0587 1460 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
18:23:55.0592 1460 vhdmp - ok
18:23:55.0628 1460 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
18:23:55.0629 1460 viaide - ok
18:23:55.0681 1460 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
18:23:55.0682 1460 volmgr - ok
18:23:55.0749 1460 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
18:23:55.0753 1460 volmgrx - ok
18:23:55.0821 1460 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
18:23:55.0825 1460 volsnap - ok
18:23:55.0909 1460 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
18:23:55.0913 1460 vsmraid - ok
18:23:56.0070 1460 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
18:23:56.0113 1460 VSS - ok
18:23:56.0243 1460 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
18:23:56.0243 1460 vwifibus - ok
18:23:56.0290 1460 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
18:23:56.0290 1460 vwififlt - ok
18:23:56.0359 1460 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
18:23:56.0372 1460 W32Time - ok
18:23:56.0414 1460 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
18:23:56.0417 1460 WacomPen - ok
18:23:56.0499 1460 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:56.0500 1460 WANARP - ok
18:23:56.0511 1460 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
18:23:56.0512 1460 Wanarpv6 - ok
18:23:56.0663 1460 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
18:23:56.0681 1460 WatAdminSvc - ok
18:23:56.0838 1460 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
18:23:56.0907 1460 wbengine - ok
18:23:57.0049 1460 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
18:23:57.0059 1460 WbioSrvc - ok
18:23:57.0133 1460 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
18:23:57.0147 1460 wcncsvc - ok
18:23:57.0166 1460 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
18:23:57.0169 1460 WcsPlugInService - ok
18:23:57.0238 1460 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
18:23:57.0239 1460 Wd - ok
18:23:57.0314 1460 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
18:23:57.0314 1460 Wdf01000 - ok
18:23:57.0355 1460 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:23:57.0358 1460 WdiServiceHost - ok
18:23:57.0370 1460 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
18:23:57.0373 1460 WdiSystemHost - ok
18:23:57.0472 1460 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
18:23:57.0477 1460 WebClient - ok
18:23:57.0545 1460 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
18:23:57.0556 1460 Wecsvc - ok
18:23:57.0593 1460 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
18:23:57.0601 1460 wercplsupport - ok
18:23:57.0651 1460 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
18:23:57.0656 1460 WerSvc - ok
18:23:57.0735 1460 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
18:23:57.0736 1460 WfpLwf - ok
18:23:57.0767 1460 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
18:23:57.0768 1460 WIMMount - ok
18:23:57.0783 1460 WinHttpAutoProxySvc - ok
18:23:57.0876 1460 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
18:23:57.0885 1460 Winmgmt - ok
18:23:58.0068 1460 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
18:23:58.0116 1460 WinRM - ok
18:23:58.0346 1460 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
18:23:58.0346 1460 WinUsb - ok
18:23:58.0445 1460 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
18:23:58.0466 1460 Wlansvc - ok
18:23:58.0490 1460 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
18:23:58.0491 1460 WmiAcpi - ok
18:23:58.0580 1460 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
18:23:58.0584 1460 wmiApSrv - ok
18:23:58.0661 1460 WMPNetworkSvc - ok
18:23:58.0700 1460 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
18:23:58.0702 1460 WPCSvc - ok
18:23:58.0753 1460 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
18:23:58.0756 1460 WPDBusEnum - ok
18:23:58.0799 1460 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
18:23:58.0800 1460 ws2ifsl - ok
18:23:58.0810 1460 WSearch - ok
18:23:58.0994 1460 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
18:23:59.0054 1460 wuauserv - ok
18:23:59.0199 1460 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
18:23:59.0201 1460 WudfPf - ok
18:23:59.0246 1460 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
18:23:59.0249 1460 WUDFRd - ok
18:23:59.0304 1460 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
18:23:59.0307 1460 wudfsvc - ok
18:23:59.0367 1460 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
18:23:59.0383 1460 WwanSvc - ok
18:23:59.0492 1460 yukonw7 (b3eeacf62445e24fbb2cd4b0fb4db026) C:\Windows\system32\DRIVERS\yk62x64.sys
18:23:59.0515 1460 yukonw7 - ok
18:23:59.0556 1460 MBR (0x1B8) (e2a9c3a524e2afe3d0ec7b71691f43cb) \Device\Harddisk0\DR0
18:23:59.0849 1460 \Device\Harddisk0\DR0 - ok
18:23:59.0857 1460 Boot (0x1200) (780e5bf59568f3f076e44a5bb7234ddc) \Device\Harddisk0\DR0\Partition0
18:23:59.0858 1460 \Device\Harddisk0\DR0\Partition0 - ok
18:23:59.0915 1460 Boot (0x1200) (9c9e73b5c215cc462ba1be939a53419b) \Device\Harddisk0\DR0\Partition1
18:23:59.0917 1460 \Device\Harddisk0\DR0\Partition1 - ok
18:23:59.0950 1460 Boot (0x1200) (8cb3a29c59eba44d5c9e50435ba6858c) \Device\Harddisk0\DR0\Partition2
18:23:59.0953 1460 \Device\Harddisk0\DR0\Partition2 - ok
18:23:59.0981 1460 Boot (0x1200) (8df0cde2989e3dbe7f31b77b72109b98) \Device\Harddisk0\DR0\Partition3
18:23:59.0982 1460 \Device\Harddisk0\DR0\Partition3 - ok
18:23:59.0987 1460 ============================================================
18:23:59.0987 1460 Scan finished
18:23:59.0987 1460 ============================================================
18:24:00.0005 1988 Detected object count: 0
18:24:00.0005 1988 Actual detected object count: 0
18:24:12.0126 1528 Deinitialize success

#4 zeus_r6


Posted 28 July 2012 - 07:59 AM

The aswMBR is still scanning. It's been 12 hours and it seems to only scan one file every five minutes. The cooling fan is running full blast and the processor is at 100%.

#5 narenxp


Posted 28 July 2012 - 08:09 AM

Run aswMBR in Safe Mode.

#6 zeus_r6


Posted 28 July 2012 - 09:05 AM

Thanks, it already found two things infected.

#7 zeus_r6


Posted 28 July 2012 - 11:51 AM

During the scan the laptop overheated and shut down. I'm running a scan with an external fan cooling it as well, but it's not finding the two infections this time around...

#8 zeus_r6


Posted 28 July 2012 - 10:14 PM

aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software
Run date: 2012-07-28 12:29:25
-----------------------------
12:29:25.270 OS Version: Windows x64 6.1.7601 Service Pack 1
12:29:25.270 Number of processors: 1 586 0x170A
12:29:25.271 ComputerName: CELENA-PC UserName: Celena
12:29:25.783 Initialize success
12:29:35.241 AVAST engine defs: 12072700
12:29:38.799 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
12:29:38.802 Disk 0 Vendor: WDC_WD25 01.0 Size: 238475MB BusType: 3
12:29:38.821 Disk 0 MBR read successfully
12:29:38.828 Disk 0 MBR scan
12:29:38.833 Disk 0 unknown MBR code
12:29:38.845 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 199 MB offset 2048
12:29:38.858 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 223901 MB offset 409600
12:29:38.892 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 14270 MB offset 458958848
12:29:38.912 Disk 0 Partition 4 00 0C FAT32 LBA MSDOS5.0 103 MB offset 488183808
12:29:38.951 Disk 0 scanning C:\Windows\system32\drivers
12:29:56.943 Service scanning
12:30:24.882 Modules scanning
12:30:24.882 Disk 0 trace - called modules:
12:30:25.428 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll
12:30:25.444 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8003208790]
12:30:25.444 3 CLASSPNP.SYS[fffff8800185143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80021aa050]
12:30:26.255 AVAST engine scan C:\Windows
12:30:28.501 AVAST engine scan C:\Windows\system32
13:18:32.330 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:25:49.709 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:34:22.521 AVAST engine scan C:\Windows\system32\drivers
15:37:46.108 AVAST engine scan C:\Users\Celena
19:32:29.432 AVAST engine scan C:\ProgramData
22:07:45.048 Scan finished successfully
22:59:14.782 Disk 0 MBR has been saved successfully to "C:\Users\Celena\Desktop\MBR.dat"
22:59:14.782 The log file has been saved successfully to "C:\Users\Celena\Desktop\aswMBR.txt"
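
For triage of a log like the one posted above, the sketch below pulls out the `**INFECTED**` findings, the "unknown MBR code" note and the time spent in each scan phase. It is an added example, not part of the original post and not code from AVAST; the function names are hypothetical and the sample is a subset of lines copied from the log above.

```python
import re
from datetime import datetime, timedelta

# Constructed sample: a subset of lines copied from the aswMBR log in this thread.
SAMPLE_LOG = r"""
12:29:38.833 Disk 0 unknown MBR code
12:30:26.255 AVAST engine scan C:\Windows
12:30:28.501 AVAST engine scan C:\Windows\system32
13:18:32.330 File: C:\Windows\assembly\GAC_32\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
13:25:49.709 File: C:\Windows\assembly\GAC_64\Desktop.ini **INFECTED** Win32:Sirefef-PL [Rtk]
15:34:22.521 AVAST engine scan C:\Windows\system32\drivers
15:37:46.108 AVAST engine scan C:\Users\Celena
19:32:29.432 AVAST engine scan C:\ProgramData
22:07:45.048 Scan finished successfully
"""

LINE_RE = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3})\s+(.*)$")
INFECTED_RE = re.compile(r"^File:\s+(.+?)\s+\*\*INFECTED\*\*\s+(.+)$")
PHASE_RE = re.compile(r"^AVAST engine scan\s+(.+)$")


def parse_aswmbr_log(text):
    """Return findings, notes and per-phase durations from aswMBR log text."""
    findings, notes, marks = [], [], []
    day_offset = timedelta(0)
    previous = None
    for raw in text.splitlines():
        match = LINE_RE.match(raw.strip())
        if not match:
            continue  # header lines, separators, blank lines
        stamp = datetime.strptime(match.group(1), "%H:%M:%S.%f") + day_offset
        # The log carries no date per line, so a timestamp that goes
        # backwards means the scan ran past midnight.
        if previous is not None and stamp < previous:
            day_offset += timedelta(days=1)
            stamp += timedelta(days=1)
        previous = stamp
        message = match.group(2)

        infected = INFECTED_RE.match(message)
        phase = PHASE_RE.match(message)
        if infected:
            findings.append({"path": infected.group(1),
                             "detection": infected.group(2)})
        elif phase:
            marks.append((stamp, phase.group(1)))
        elif message.startswith("Scan finished"):
            marks.append((stamp, None))  # closes the last phase
        elif "unknown MBR code" in message:
            notes.append(message)

    # A phase lasts until the next phase marker or the "Scan finished" line.
    phases = []
    for (start, name), (end, _) in zip(marks, marks[1:]):
        if name is not None:
            phases.append((name, end - start))
    # A log cut short (for example by a shutdown) leaves the last phase open.
    if marks and marks[-1][1] is not None:
        phases.append((marks[-1][1], None))
    return {"findings": findings, "notes": notes, "phases": phases}


def slowest_phase(report):
    """Return (path, duration) of the longest completed phase, or None."""
    done = [p for p in report["phases"] if p[1] is not None]
    return max(done, key=lambda p: p[1]) if done else None


if __name__ == "__main__":
    report = parse_aswmbr_log(SAMPLE_LOG)
    for finding in report["findings"]:
        print("INFECTED", finding["path"], "->", finding["detection"])
    for note in report["notes"]:
        print("NOTE", note)
    for name, duration in report["phases"]:
        print("PHASE", name, duration if duration is not None else "incomplete")
```
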

#9 narenxp


Posted 28 July 2012 - 10:18 PM

We need advanced tools to remove this one

Read the guide here

http://www.bleepingcomputer.com/forums/topic34773.html

and create a topic here

http://www.bleepingcomputer.com/forums/forum22.html

Good luck

#10 zeus_r6


Posted 30 July 2012 - 09:21 AM

> We need advanced tools to remove this one
>
> Read the guide here
>
> http://www.bleepingcomputer.com/forums/topic34773.html
>
> and create a topic here
>
> http://www.bleepingcomputer.com/forums/forum22.html
>
> Good luck

OK, because it's been running the online scanner for 24 hours and is only at 19% :(

#11 narenxp


Posted 30 July 2012 - 11:31 AM

No problem, start a topic with proper logs and allow the scan to run.



